Security Brigade was founded with a quality-first thought process. As such, we do things differently from most vendors, and this enables us to deliver a superior report every time. Some of these key differentiators are given below:
Reports with Detailed Fix Information

Our reports contain minute details about the web-application logic, POCs, etc.
Our security audit reports are different in a number of ways:
- Fix information with code examples is given for the customer's specific platform and environment. So if the customer has a SQL Injection in their PHP + MySQL website, we will give them code examples for how to securely fix this issue with PHP + MySQL.
- Step-by-step proofs of concept are given for each issue. This enables the customer's team to thoroughly understand and reproduce the issue independently.
- Reports do not contain generic copy-pasted text. Each report is written specifically with the customer's application and network in mind to ensure maximum relevance to their situation.
Intelligent Automation with Integration of Commercial, Open-Source and Proprietary Tools
Most auditors rely on a single automated tool for every audit. However, networks and applications today are far too complicated for a single tool to do them justice. Our Intelligent Automation Platform works as follows:
- Our platform automatically profiles the target and understands various key criteria about the network or application (such as whether the website is Ajax or Flash heavy, or whether the network uses Lotus Domino Servers or Cisco Devices, and so on).
- Based on the profile that’s created, it intelligently shortlists tools that work best with those platforms based on internal benchmarks and past experience.
- An auditor approves the tools and commands which are then executed by the platform. The results are then correlated, cross-referenced and presented to the auditor as a simplified consolidated view.
Manual Business Logic and Workflow Testing
Most companies refer to “manual testing” as part of their process, but they are only talking about removing false positives. Applications today contain a significant amount of business logic and workflow and these areas cannot be tested thoroughly through tools.
- We go through the complete application and map its modules, sub-modules, pages, parameters, data flow, and workflow.
- Based on this information, we prepare test-cases of all possible abuse scenarios that could take place for each component.
- These abuse scenarios are tested, reviewed and executed, and based on the results a TRUE or FALSE status is applied to each issue.
- This process lets us identify significant critical vulnerabilities that are impossible to find through automated mechanisms.
Security Brigade is CERT-In empanelled and was founded on the core belief that “Great audits are done by great auditors – not expensive tools”. Our proprietary E.D.I.T.E platform provides a workflow-based testing engine that encapsulates the complete audit process. It allows expert auditors to focus on in-depth manual testing while assisted by a combination of proprietary, open-source and commercial technology.